US11055682B2ActiveUtilityA1
Authenticated self-service terminal (SST) access
Est. expiryOct 13, 2034(~8.3 yrs left)· nominal 20-yr term from priority
G06Q 20/382G06Q 20/18H04L 63/0807H04L 63/10G06F 21/35G06F 21/36G06F 2221/2103G06Q 20/40G07F 19/209G06Q 20/322G06Q 20/3226
54
PatentIndex Score
0
Cited by
18
References
9
Claims
Abstract
An SST facilitates authentication of a user through an external service via a mobile device operated by the user. The SST also obtains independent verification of an access command sent from a server through a cryptographic peripheral module integrated into the SST before sending a command to grant authenticated access to the SST in response to the access command.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. A method, comprising:
executing, by a processor of a Self-Service Terminal (SST), a SST core application from a non-transitory computer-readable storage medium;
executing, by a peripheral device, a cryptographic application, wherein the peripheral device is connected to the SST over an internal wired connection to the SST;
receiving, by the SST core application, a connection request for a wired or wireless connection between the SST and a mobile device operated by a customer engineer associated with the SST;
establishing, by the SST core application, the wireless or the wired connection with the mobile device based on the connection request received by the SST from the mobile device of the customer engineer;
displaying, by the SST core application, an authentication token on a display of the SST based on the establishing;
obtaining, by the SST core application, an access command from a server over a network connection after the displaying;
requesting, by the SST core application over an internal wired connection of the SST, a challenge message from the peripheral device based on the access command;
producing, by the cryptographic application of the peripheral device, the challenge message based on the requesting of the challenge message;
sending, by the cryptographic application of the peripheral device, the challenge message to the SST core application over the internal wired connection;
sending, by the SST core application, the challenge message to the server over the network connection;
receiving, by the SST core application, a digitally signed version of the challenge message back from the server;
providing, by the SST core application, the digitally signed version of the challenge message to the cryptographic application of the peripheral device;
validating, by the cryptographic application of the peripheral device, a digital signature from the digitally signed version of the challenge message against a server digital signature for the server;
sending, by the cryptographic application of the peripheral device, over the internal wired connection, a message to the SST core application based on the validating;
receiving, by the SST core application, the message from the cryptographic application over the internal wired connection;
causing, by the SST core application, an electronic lock associated with a locked access door of the SST to unlock based the message; and
displaying, by the SST core application, on the display of the SST an administrative interface allowing the customer engineer access to software resources of the SST through the administrative interface based on the message.
2. The method of claim 1 , wherein establishing the wireless or the wired connection further includes:
generating, by the SST core application, the authentication token based on the receiving.
3. The method of claim 2 , wherein generating the authentication token further includes:
encoding, by the SST core application, a mobile device identifier for the mobile device, an SST identifier for the SST, an indication of the wireless request, and a current date and time;
creating from the encoding a Quick Response (QR) code; and
displaying the QR code as the authentication token on the display.
4. The method of claim 1 , wherein establishing further includes:
receiving, by the SST core application, the connection request from the mobile device over a restricted wired connection between the SST and a mobile device; and
generating, by the SST core application, the authentication token based on the connection request.
5. The method of claim 1 , wherein obtaining further includes:
starting, by the SST core application, a timer;
detecting, by the SST core application, that a period of time has lapsed while waiting to receive the access command from the server based on a timer value for the timer by comparing the time value against the period of time and determining that the timer value exceeds the period of time;
replacing, by the SST core application, the authentication token on the display; and
iterating, by the SST core application, back to the starting of the timer until the access command is received from the server.
6. The method of claim 1 further comprising:
processing the SST core application as an intermediary between the peripheral device and the server, wherein the SST core application of the SST forwards encrypted information between the peripheral device and the server;
wherein the SST core application and the SST are incapable of decrypting the encrypted information.
7. The method of claim 1 further comprising, sending, by the SST core application, at least some audit data to the server associated with the access command.
8. The method of claim 7 , wherein sending the at least some audit data to the server further includes maintaining, by the SST core application, the at least some audit data in a log on the SST before sending the at least some audit data from the SST to the server.
9. The method of claim 8 , wherein sending further includes:
detecting, by the SST core application, a termination of the access; and
sending, by the SST core application, an additional audit data to the server based on the detecting.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.